1.2 The vulnerability exists due to insufficient filtration of user-supplied input in "action" HTTP POST parameter in "jforum.page" script when posting a reply. A remote attacker can create a specially crafted webpage and execute arbitrary HTML and script code in user's browser in the context of vulnerable website. Successful exploitation requires that victim visits the malicious webpage.Malicious webpage example: